From owner-man-jp-reviewer@jp.freebsd.org  Fri Mar  5 01:06:31 1999
To: man-jp-reviewer@jp.freebsd.org
In-Reply-To: Your message of "Tue, 2 Mar 1999 19:37:25 +0900 (JST)"
	<199903021036.TAA13105@mail.wbs.ne.jp>
References: <199903021036.TAA13105@mail.wbs.ne.jp>
Message-Id: <19990305010552U.k-horik@yk.rim.or.jp>
Date: Fri, 05 Mar 1999 01:05:52 +0900
From: Kazuo Horikawa <k-horik@yk.rim.or.jp>
Subject: [man-jp-reviewer 1118] Re: ipfirewall.4

 This is Horikawa.

> This is Hirayama.
> This is the first-draft translation of ipfirewall.4. Thank you in advance for reviewing it.
 Thank you for your work. I think it would be even better if the C comment portions were translated as well.


o The "ordered" in "ordered list" does not seem to have been translated.
> Packets are checked against a list of pattern rules until a matching one is found.
                              an ordered list of pattern rules
> When a matching rule is found, the corresponding action is taken.

$B86J8(B Packets are matched by applying an ordered list of pattern rules
against each packet until a match is found, at which point the
corresponding action is taken.


o $B!VA4$F!W!V$9$Y$F!W$,:.:_$7$F$$$k$N$G!V$9$Y$F!W$K$7$?J}$,$h$$$G$7$g$&!#(B
o $B!V%<%m!W$O!V(B0$B!W$K$7$F$/$@$5$$!#(B

>   IP_FW_F_COUNT         - update counters, continue matching
                            increment,
Original: increment counters; continue matching

> For IP_FW_F_REJECT, if the number in fu_reject_code is from 0 to 255,
> an ICMP unreachable with the corresponding code is sent back to
> the IP address of the sender of the first packet.
> Otherwise, when the value is 256 and the protocol is IPPROTO_TCP,
> a TCP reset packet is sent instead.
	Otherwise, the value must be 256 and the protocol must be
	IPPROTO_TCP, in which case a TCP reset packet is sent.
I think "must" needs to be translated, as shown above.
$B86J8(B Otherwise, the value must be 256 and the protocol IPPROTO_TCP,
in which case a TCP reset packet is sent instead.


> .Sh DIAGNOSTICS
> 
> [EINVAL]  The IP option field was shorter than the minimum value, or
>           longer than the provided option buffer and improperly formed.
>           A structural error occurred in the ip_fw structure. (n_src_p+n_dst_p
>           too big, ports set for ALL/ICMP protocols, etc.) An invalid
>           rule number was used.
Regarding the position of ")" and ".", I think it would be better to follow the original, as in
          error occurred in the ip_fw structure (n_src_p+n_dst_p
          too big, ports set for ALL/ICMP protocols, etc.). An invalid
          rule number was used.
--
$BKY@nOBM:(B
